Steve -

We could use DSA-type certs for DH if we remove the restriction
that q be 160 bits.  A larger q would be better for a number
of reasons, and next-gen DSA certs should probably use SHA-256
or SHA-512 anyway.  The only challenge then would be to provide
for DH-POP in Certificate Signing Requests.  Sound reasonable?
I think maybe I could bite off a chunk of this...

Comments?

- Michael Sierchio
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
